formbook

General

Target

Inv_7623980.exe
Size

711KB
Sample

230519-hzceyaee51
MD5

9fefd93d8530102d9b1689d0aa233e51
SHA1

6c3f12a9fa864ac8c783da3f2a5b75254a692f85
SHA256

3017b026d0925919ad8085d523f83235fa84ead58d1399576e60e6183003820e
SHA512

45754db3bd5cc9d11d42f5b226efceac2b9694188e5843ccc28b103b005776e92b859f0fcdb7a192b7ed22fd00001ee21c15def22446c8deb07e2375a9ccb3e5
SSDEEP

12288:4MqBGppnzSOTzo6rv625OPX4EaxKqHcTZK9Mlr:9q0pBSOTc6Dn5MX4uq8Zz

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m82

Decoy

jamesdevereux.com

artificialturfminneapolis.com

hongmeiyan.com

lojaderoupasbr.com

yit.africa

austinrelocationexpert.com

saiva.page

exitsategy.com

chochonux.com

klosterbraeu-unterliezheim.com

byseymanur.com

sblwarwickshire.co.uk

brazimaid.com

ciogame.com

bronzesailing.com

dwkapl.xyz

022dyd.com

compassandpathwriting.com

alphabet1x.com

selfcleaninghairbrush.co.uk

Targets

- Target
  
  Inv_7623980.exe
- Size
  
  711KB
- MD5
  
  9fefd93d8530102d9b1689d0aa233e51
- SHA1
  
  6c3f12a9fa864ac8c783da3f2a5b75254a692f85
- SHA256
  
  3017b026d0925919ad8085d523f83235fa84ead58d1399576e60e6183003820e
- SHA512
  
  45754db3bd5cc9d11d42f5b226efceac2b9694188e5843ccc28b103b005776e92b859f0fcdb7a192b7ed22fd00001ee21c15def22446c8deb07e2375a9ccb3e5
- SSDEEP
  
  12288:4MqBGppnzSOTzo6rv625OPX4EaxKqHcTZK9Mlr:9q0pBSOTc6Dn5MX4uq8Zz
Score

10^/10

formbook m82 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2